#!/bin/bash
###### Information ############################################################################
# Name:          wss-scan.sh
# Language:      Shell
#
# About:         This script is to scan the OpenSearch distros for vulnerabilities and licenses
#                It will scan the repositories and send the WhiteSource link to the mail 
#                of the user. 
#
# Prerequisites: Need to install Java 11
#                Export JAVA_HOME env variable to the JDK path
#                Add JAVA_HOME to PATH variable
#                Need to set the recepient mail in wss-scan.config for local run
#                WhiteSource API key is needed for local run, The API Key can be retrieved from the
#                WhiteSource Admin Console of your account.Use the below command to export the API key
#                export wss_apikey=$(APIKEY)
#
# Usage:         ./wss-scan.sh
#
###############################################################################################

set -e

# Generate temporary `settings.gradle` file based on the name in `build.gradle`
function generate_settings_gradle() {
  settings_gradle_content=`cat build.gradle | grep name | grep -i $repo | head -n 1 | sed 's/name/rootProject.name =/g' | awk '{$1=$1};1'`
  echo $settings_gradle_content > settings.gradle
  cat settings.gradle
}

java -version; gradle -v; mvn -v; node -v; npm -v; yarn -v

if [ ! -f "wss-unified-agent.jar" ]
then
  # Download the WhiteSource Agent 
  curl https://unified-agent.s3.amazonaws.com/wss-unified-agent-21.11.2.1.jar --output wss-unified-agent.jar
fi

# scan the config file for the user configurations
# wss-scan.config has to be present in the same working directory as the script
echo "Run before source"
. ./wss-scan.config
echo $gitRepos

# change comma to whitespace
gitRepos=${gitRepos//,/$'\n'} 

basepath=$baseDirPath"/repos"

echo "Cleaning up scan directories if already present"
rm -rf $basepath
echo "Cleaning up temp file that will affect scan"
rm -rf /tmp/ws*

mkdir -p $basepath
 
# clone the desired Repos for scanning 
for repo in $gitRepos
do
  echo "Cloning repo "$gitBasePath$repo
  if [ ${repo} == "OpenSearch" ]
  then
    echo "Cloning "$repo" at branch 1.x"
    git clone -b 1.x "$gitBasePath$repo".git ${basepath}/${repo}
    # /qa/ in OpenSearch repo contains all files related to the previous version of ODFE.
    # WhiteSource will attept to download them and take hours to build or timeout error. 
    # Remove /qa/ because it's irrelevant to OpenSearch. 
    rm -rf ${basepath}/${repo}/qa
  else
    echo "Cloning "$repo" at main branch" 
    git clone "$gitBasePath$repo".git ${basepath}/${repo}
  fi
done

echo -n > info.txt
target='OpenSearch'

# scan the Repos using the WhiteSource Unified Agent
for repo in $gitRepos
do
  repo_path=$basepath"/"$repo
  if [ -d "$repo_path" ]
  then
    cd $repo_path
    echo "Scanning repo: "$gitBasePath$repo " Project: " $repo
    if [ -e "build.gradle" ]
    then
        echo "build.gradle for $repo exist in root"
        if [ ! -e "settings.gradle" ]
        then
            echo "settings.gradle not exist in $repo, create one based on build.gradle name"
            generate_settings_gradle
        else
            echo "settings.gradle exist $repo"
        fi
    else
        # Exceptions for some repos that have `build.gradle` in sub-folder
        if [ ${repo} == "observability" ]
        then
          cd $repo_path/opensearch-observability
          generate_settings_gradle
        else
          echo "build.gradle for $repo not exist, either dashboards repo or missing necessary files"
        fi
    fi
    java -jar $baseDirPath/wss-unified-agent.jar -c $baseDirPath/wss-unified-agent.config -d $repo_path -apiKey $wss_apikey -product "$target" -project $repo
    cd $baseDirPath && pwd
  else
    echo "Scanning failed for repo: "$gitBasePath$repo " Project: " $repo
  fi
done

# remove the WhiteSource unified Jar 
rm $baseDirPath/wss-unified-agent.jar
echo "WhiteSource vulnerability scan completed"
